Many fields are now complex, like winlog.event_data.IpAddress, but few if any of the doc examples use any more than a simple field name:
{
"remove": {
"field": "user_agent"
}
}
Finding when to use the dots vs when to use brackets is an unnecessary pain.
Thanks for the suggestion, it'd be best to create a new docs request with some links to pages that you think could use this improvement so the docs team can take a closer look 
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.